AIM Italy S.r.l. (hence, the “Controller” or “AIM”), in its quality of Data Processing Controller, as per section 13 of the EU Regulation n. 679/2016 (hence, the “Data Protection Regulation”), and subsequent modifications and integrations, collects and subsequently processes personal data1 of the participants (hence, the ’“Data Subject”) – including as teachers (for instance, speakers, moderators, etc.) or learner – to the congress and/or other scientific or training event (hence, the ’“Event”, also in virtual mode).

The contact details of the Data Protection Officer (as per section 37 of the Data Protection Regulation) designated by AIM can be found at the following link https://www.aimgroupinternational.com/company-information.

1. Scopes and ways of processing.

The personal data of Data Subjects are processed in the context of AIM’s commercial activity, for the following scopes:

1. subscription and participation to the Event;

2. fiscal, administrative and accounting duties strictly connected to above participation;

3. execution of specific duties prescribed by law, regulation or EU norms (such as administration of credits for Continuing Medical Education);

4. distribution free of charge of documentation relating to the Event;

5. receipt of documentation from AIM in order to be updated on all its projects, initiatives and events, both my means of automated tools (such as newsletters, e-mails, SMS, MMS, robocalls, etc.) and by means of traditional tools (hardcopy mail and/or operator calls) in the same area of interest;

6. use of the Data Subject image, sent/uploaded by the same, due to publish it on the digital platform of the Event (if any);

7. with prior express consent of the Data Subject, communication of the data (name, surname, city of residence, health facility, e-mail address and mobile phone number) to third party companies other than AIM, including pharmaceutical and/or electro-medical companies, for their independent processing for promotional purposes (direct or indirect) within the same area of interest, both through automated tools (e.g. newsletters, e-mails, sms, mms, calls without an operator, etc.) and through traditional methods of contact (paper mail and/or direct calls through an operator). The latter will process the data of the Data Subject as autonomous owners, in compliance with all the regulations and ethical codes in force, providing him/her with the appropriate information on the respective processing and allowing him/her to exercise his/her rights as per section 15 and following of the Data Privacy Regulation;

8. with prior express consent, supply of the personal details of the Data Subject (name and surname) to the sponsoring companies of the training sessions (e.g., symposia), for the purpose of preparing an attendance list for them.

The processing of the personal data is executed, under authority of the Controller, by entities specifically Designated, authorized and instructed for the processing as per section 2-quaterdecies of Italian Law Decree n. 196 dated June 30, 2003, as amended by Italian Law Decree n. 101 dated August 10, 2018 (hence, the “Privacy Law”) and as per section 29 of the Data Protection Regulation, by means of manual, automated or telecom tools, with logics strictly connected to the scopes and in any case in such a way as to guarantee confidentiality and security of the personal data.

2. Juridical basis for processing, nature of transfer and consequences of denial, consent by Data Subject.

With reference to the scopes listed at preceding section 1, items 1., 2., 3., 4.,5. and 6, transfer of the personal data is mandatory and represents a necessary condition to the subscription and subsequent participation to the Event and receipt of documentation from AIM about future projects, initiatives and events in the same area of interest; indeed, failure to transfer will determine impossibility of subscribing the Data Subject to the Event and of involving him/her in any initiative of the Event or other AIM’s future projects, initiatives and events of the same area of interest; thus, the juridical base of the related processing is the full participation to the Event and the next update on AIM’s future projects, initiatives and events of the same area of interest, as per section 6, paragraph 1, letter b) of the Data Protection Regulation.

With reference to the scopes listed at preceding section 1, items 7. and 8., transfer of the personal data is optional, indeed the lack of consent will determine impossibility for the Data Subject to receive from third subjects other than AIM information about future projects, initiatives and events promoted by them in the sale area of interest or the failure to communicate to the companies sponsoring the training sessions (e.g. symposia) the personal details of the Data Subject, in order for them to prepare an attendance list. Thus, the juridical base of the related processing is the express consent of the Data Subject, as per section 6, paragraph 1, letter a) of the Data Protection Regulation.

3. Entities and categories of entities to which the personal data may be communicated and context of communication.

With regards to the scopes of the processing as indicated above, and within the strict boundaries of pertinence to these scopes, the personal data of the Data Subject will be communicated in Italy, in the European Union or beyond the European Union, to the following entities, for the scope of subscription and subsequent participation to the Event:

(i) to fiscal Authorities and other public Authorities, where mandatory by law or upon their request; (

ii) to financial institutions for the execution of payments related to the subscription;

(iii) to the structures and/or external companies that AIM uses for the scope of executing connected activities, instrumental or consequent to subscription and subsequent participation to the Event (such as press services, data processing and IT consultancies, promotional activities by companies participating to the Event, mailing of the event’s program, credits for Continuing Medical Education, hotel reservations etc.);

(iv) to external consultants (e.g. for management of fiscal duties) if not designated Processors in writing;

(vi) taking into account the fact that AIM is part of an international Group: to controlling, controlled or connected companies, for administrative and accounting scopes;

(vii) with prior express consent of the Data Subject, to third subjects other than AIM to be updated on future projects, initiatives and events promoted by said subjects in the same area of interest or to provide the companies sponsoring the training sessions (e.g. symposia) with the data of the Data Subject, for the purpose of their preparation of an attendance list.

Above entities, to whom the personal data of the Data Subject will be or may be communicated (insofar as not being designated Processors), will treat the personal data as Controllers according to the Data Protection Regulation, in full autonomy, being completely separated from the original processing executed by AIM.

Without the consent to communication of the personal data and to related processing, in those cases where it is foreseen as by Data Protection Regulation, the operations which require the communication might not be executed, with consequences known to the Data Subject.

A detailed and constantly updated list of these entities, including their respective offices, is always available at AIM’s legal offices.

 

DATA PROTECTION INFORMATION SHEET FOR PARTICIPANTS TO EVENTS

In the event of publication of images, videos and/or photographs of the Data Subject, specific information will be issued from time to time and specific release and consent will be requested.

As mentioned, however, the image of the Data Subject, sent/uploaded by the same, may be published on the digital platform of the Event (if any).

In particular, where necessary, AIM commits to complying with the norms defined by, respectively, decisions 2001/497/CE, 2004/915/CE and 2010/87/EU (according to the specific case), which oblige to the signing of so-called “typical contractual clauses” between the juridical entities involved in data processing outside of the European Union.

4. Rights of the Data Subject.

Sections 15 and following of the Data Protection Regulation grant the Data Subject the right to obtain:

– confirmation or denial of existence of personal data related to the Data Subject, even if not yet registered and their communication in an understandable format;

– indication of the origin of the personal data, of their scopes and of their ways of processing, of the logic applied in case of processing by means of electronic tools and of the identifying details of the Controller;

– update, rectification, integration, cancellation, transformation into anonymous data or blocking of data treated in violation of the law – including data for which conservation is not necessary for the scopes for which they were collected and subsequently processed. Documentation of these operations, also pertaining to their content, is brought to the attention of the Data Subjects whose data have been communicated or published, except for the case in which this duty is impossible to perform or requires the use of tools which are obviously disproportionate in relationship to the granted right.

Moreover, the Data Subject has the right to:

– withdraw consent (if given) to the processing of personal data at any time (without prejudice to the lawfulness of the processing based on the consent given before the withdrawal);

– oppose, partially or completely, for legitimate reasons, to processing of his/her personal data, even if coherent with the scope of collection;

– propose a complaint to the Data Protection Authority as foreseen by the Data Protection Regulation.

In order to know the detailed and constantly updated list of the entities to whom personal data of the Data Subject may be communicated and to exercise the rights granted by sections 15 and following of the Data Protection Regulation, in accordance with section 12 of Data Protection Regulation and within the limits of section 2-undecies of the Privacy Law, the Data Subject may contact the Data Processing Controller at the following addresses:

AIM Italy S.r.l.

Via Giuseppe Ripamonti n. 129 – 20141 Milan – Italy

Phone: +39 02 56601.1 – Email: info.aimcongress@aimgroup.eu.

5. Duration of the processing.

Except for legal obligations and for the Data Subject’s updates on all other projects, initiatives and future events promoted by AIM, the personal data of the Data Subjects will be conserved only for the Event’s duration. In any case, the processing will not have a duration exceeding 5 years from the date of the provision of the update service from AIM, as long as the Data Subject has not requested cancellation before. Notwithstanding the above, AIM may conserve some personal data of the Data Subject also after the termination of processing, exclusively for the scope of defending or safeguarding its rights, or in those cased as defined by law or by order of a judicial or government authority.

As per section 13 of Italian Law Decree n. 196 dated June 30, 2003 (“Privacy Law”), section 13 of the European Regulation n. 679 dated 2016 (“Data Protection Regulation”), Ruling n. 229 dated 2014 of the Italian Personal Data Protection Authority (section “Definition of simplified setup of the Information Sheet and consent acquisition for cookies’ usage”), as well as Recommendation n. 2 dated 2001 adopted as per section 29 of Directive n. 95/46/CE, AIM Group International S.p.A. intends to inform its Users on the use of their personal data, of the log files and of the so-called cookies gathered by means of navigation of the site www.epc2021platform.com (hence the “Site”) and requesting information through the “contact-us” form.

Controller, Processor and Data Protection Officer

The controller of the personal data processing is AIM Group International S.p.A., with legal offices in Via Giuseppe Ripamonti n. 129, 20141 Milano, Italy, Italian fiscal code 05075630482, Italian VAT number 06486081000, phone +39 02 566011, fax +39 02 56609059 and e-mail aimgroup@aimgroup.eu.

The updated list of Processors, where nominated, can be provided upon request by the Users.

The Data Protection Officer (as per section 37 of the Data Protection Regulation) contacts can be found at the following link: https://www.aimgroupinternational.com/company-information.

Category, nature and scope of the processed data

AIM will process some personal data of Users who navigate and interact with the web-services of the Site.

Navigation data

These are navigation data which the information systems acquire automatically during usage of the Site, such as the IP address, the URI (Uniform Resource Identifier) addresses, as well as the details of the requests sent to the Site’s server, and which make the navigation possible. Navigation data may as well be used to create anonymous statistics which allow to analyze the Site’s usage and to improve the Site’s structure.

Finally, navigation data might be used to detect illegal activities, such criminal IT activity against the Site.

Data supplied by the User

Any communication to the contacts listed on the Site implies the acquisition of the e-mail address and other personal information contained in the communication, after release of an appropriate information sheet (think of, for instance, the “contact us” form)

Cookies

Cookies are small text files that the sites visited by the users send to their terminals, where they are stored to be re-transmitted to the same sites on a later visit.

Cookies are used for different scopes: execution of authentications, monitoring of sessions, storage of information regarding specific configurations by users who access the server, storage of preferences, profiling, etc..

For further information on cookies and their functions in general, visit information web-sites such as allaboutcookies.org. For further information on the Italian regulations on cookies, visit www.garanteprivacy.it/cookie.

Types of cookies

Cookies may be distinguished based on their scope (such as technical cookies or profiling cookies) or on the basis of the domain of provenance (such as first-party cookies and third-party cookies).

a) Technical cookies

Technical cookies are those being used for the exclusive scope of transmitting certain data on an electronic data network, or of enabling the service supplier to provide the services explicitly requested by the subscriber or user. They may be subdivided into navigation or session cookies, which provide for normal navigation and usage of the Site (allowing, for instance, to make a purchase or to authenticate in order to access reserved areas); analytical cookies, similar to technical cookies if used directly by the Site manager to gather information, in an aggregated way, on the number of users and how they visit the Site; functional cookies, which allow the user to navigate as a function of certain selected criteria (such as language or the products selected for purchase) in order to improve the user experience. For the installation of this type of cookies no previous consent by the user is required.

b) Profiling cookies

Profiling cookies have the scope of creating profiles of the user and are used to be able to present the user with contents in line with his/her interests or to send targeted messages/advertisements. For the installation of this type of cookies, previous consent by the user is required.

c) First-party cookies

First-party cookies are those set up by the Site itself which the user is visiting.

d) Third-party cookies

Third-party cookies are set up by Sites different from the one the user is visiting.

How we use cookies

a) Navigation cookies

Are cookies needed to allow navigation of the Site and usage of some of the products and services, for instance in order to allow the user access to reserved areas or to improve the navigation performance.

b) Cookies for storage of preferences

These cookies allow to store the user’s choices, so as to improve the navigation experience of the Site. They are used, for instance, to keep track of the chosen language or to store the information whether the user consented to the use of cookies or not.

c) Statistical or analytical cookies

These cookies are used to monitor the Site’s performance, for instance in order to know the number of pages visited or the number of users that navigated a certain section. The analysis of these cookies generates anonymous and aggregated statistics without reference to the identity of the Site’s users. They are useful, in addition, to evaluate changes and improvements to the Site.

d) Social Network Cookies

These are cookies that allow to share the contents of the Site with other users or to express one’s opinion regarding the Site and its contents.

First-party cookies on the site

The Site uses the following technical first-party cookies:

exp_last_visit, exp_last_activity, exp_tracker, exp_csrf_token, cookie-banner

Type of cookie: navigation and storage / technical.

Third-party cookies on the Site

The Site uses some services that install third-party cookies on the user’s computer. These are under the direct and exclusive responsibility of the third-party management. In order to give or deny consent (where required by the applicable norms) reference needs to be made to the internet sites of the third parties or to the site www.youronlinechoices.com/it/ to obtain information on how to eliminate or manage cookies based on the used browser and to manage preferences with regards to third-party profiling cookies.

If the user doesn’t want to receive third-party cookies on his/her device, by means of the following links he/she can access the information sheets and consent forms of abovementioned third parties, as well as inhibit their installation.

a) ShareThis

The Site uses the ShareThis service to allow for sharing of some sections on the main social networks.

The profiling named ShareThis is a third-party cookie, i.e. a cookie from entities different from AIM. AIM is not in a position to exercise specific control over those entities and related cookies. In order to obtain information on these cookies and on their features and ways of operating, as well as to express the related consent, Users may use the following link http://www.sharethis.com/privacy/#sthash.NFg314D7.dpbs or contact ShareThis directly.

Type of cookie: social / profiling

For further information:

http://www.sharethis.com/legal/privacy/#sthash.NFg314D7.dpbs

In order to disactivate Share This, Users may use the settings of their browser (see instructions below) or the indications provided by the related third-party at the following link: http://www.sharethis.com/privacy/#sthash.NFg314D7.dpbs

b) Google Analytics

Google Analytics mainly uses proprietary cookies to generate reports on the interactions of the visitors on the web-site. These cookies are used to store information that doesn’t allow personal identification of the users.

The Site implements IP address masking, using only a part of the IP address in order to geolocate.

Google Analytics is to be considered a so-called analytic third-party cookie; these cookies may be considered to be similar to technical cookies, as i) the tools used for their functioning reduce the possibility of identification (for instance, by means of masking significant parts of the IP); ii) the third parties that own them committed to not associating the information they contain with other information they already dispose of.

Type of cookie: technical / analytics

For further information:

http://www.google.com/intl/it_ALL/analytics/learn/privacy.html

To disactivate Google Analytics, execute “Opt-out”:

https://tools.google.com/dlpage/gaoptout?hl=it

Cookies and browsers

By changing the setting of the internet browser used, cookies’ way of operating and options of limiting or blocking cookies can be defined. Many internet browser are initially set to accept cookies automatically, but the user may change these setting in order to block cookies or to be warned whenever cookies are being sent to the device. There are several ways of managing cookies, therefore reference must be made to the instructions manual or the help screen of the related browser, in order to verify how to define or change their settings. The user is allowed to change the predefined configuration and to disable cookies (i.e. to block them without time limitation), opting for the highest protection level.

Below the links for managing cookies for the related browsers:

Explorer: http://windows.microsoft.com/it-it/windows7/block-enable-or-allow-cookies

Safari: http://support.apple.com/kb/PH11913

Chrome: https://support.google.com/chrome/answer/95647?hl=it-IT&hlrm=fr&hlrm=en

Firefox: http://support.mozilla.org/it-IT/kb/enable-and-disable-cookies-website-preferences

If the user uses various devices to visualize and access the Sites (e.g. computer, smartphone, tablet, etc.), he/she should assure that each browser on each device is set to reflect his/her preferences regarding cookies. To eliminate cookies from the Internet browser of smartphones / tablets, please refer to the device’s user manual.

The modification and/or confirmation by the User of the expressed preferences on the use of cookies of the Site by means of the related options can occur at any moment, accessing this page through the related link to be found on each page of the Site, or modifying the settings of the web-browser.

Third-party web sites

Any third-party web-sites accessible by means of this Site are not covered by this Data protection policy. These sites could use different types of cookies and/or use a different data protection policy, for which this Site accepts no responsibility. Therefore we suggest to consult the data protection information sheets of the related sites and to follow the instructions on how to disable cookies, if desired.

Nature of the data transfer

Without prejudice to what’s indicated on navigation data and cookies, Users are free to provide their personal data, where requested by the related sections of the Site; refusal to provide these data might cause impossibility to provide the requested services.

Ways of processing

The personal data are processed by means of automated tools, whose settings are strictly related to their scopes and who operate for the strictly minimum time necessary for reaching the scopes for which the data were collected.

Collected information is stored in a safe environment.

Range of communication of the data

The Users’ personal data will be processed by staff commissioned by AIM. In addition, their data may be processed by third parties, external service providers who act on behalf and in name of AIM, duly nominated Controllers, who will treat the data in coherence with the scope for which they were originally collected.

Publication of data

Personal data will not be published.

Users’ rights

The Privacy Law and Data Protection Regulation grant Users certain rights.

Individual Users can exercise their rights as per section 7 of the Privacy Law and subsequent modifications and integrations, as well as sections 15, 16, 17, 18, 20 and 21 of the Data Protection Regulation at any time, by sending a written note to the Controller’s addresses as listed in preceding section 1 and thus obtain:

confirmation or denial of the existence of personal data of the User with indication of the related origin;
access, rectification, cancellation of the personal data or their limitation of processing;
cancellation, anonymization or blocking of personal data processed in violation of the law.

Individual Users may moreover oppose to the processing of the data that relate to them.

Updates

The Site’s data protection policy may be updated from time to time.